Besides the complexity of online transactions vis-a-vis cash, one of the hurdles for online payments has been concerns over security. The rising number of hack attempts on banks has made people sceptical. While the government has tried to solve the first—it has launched three iterations of its payment service—the new guidelines released by RBI will probably address the second. The central bank, on Monday, notified limited liability rules in case of card fraud. RBI has highlighted that the customer will only be liable in case of her own fault, while in other cases, she would bear zero liability. Banks, if informed within three days of a third-party breach, would have to give the customer the entire amount in her account. On the other hand, if the customer is at fault—say, casually sharing information or clicking on phishing links—she will bear liability for all transactions until she reports the breach. A well-thought-out move, this places some onus of security on customers, prodding them to check risky behaviour. RBI has also made mobile linking mandatory, and a failure to do so means all transactions other than ATM withdrawals will be disallowed.

Most banks charge for the SMS alert facility. Though they are now required to have “reply” options to such messages, RBI does not specify who will bear the cost of this service. Surely charging banks for this can’t be an option? The rules also leave a vacuum in terms of security of third-party e-wallets. More important, while the onus is on the bank to prove the customer’s liability within 90 days, this may not be an easy task with customers who try to game the system and refuse to settle their bills. What the central bank can do is make OTP mandatory for all transactions. That would ensure another layer of security, especially with mobile-linking becoming compulsory. Aadhaar can also be an answer to the banks’ woes. As infrastructure improves, banks can look forward to fingerprint authentication at each terminal—in no case can people claim fraud if transactions are approved using biometrics.